Commit Graph

296 Commits

Author SHA1 Message Date
67df4da781 Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools
Adding DESCRIPTION field in tests and [INFO] DESCRIPTION in main
Update README with --batch mode info
Add --batch mode in hardening.sh

Change summary to make it oneliner when batch mode
AUDIT_SUMMARY PASSED_CHECKS:95 RUN_CHECKS:191 TOTAL_CHECKS_AVAIL:191 CONFORMITY_PERCENTAGE:49.74
2017-10-31 17:44:15 +01:00
8a7f9ddad5 Change from CIS reco and only warn (no crit) if logfile does not exist 2018-03-22 18:17:17 +01:00
7077554bca Redirect stderr to avoid printing "no such file" error 2018-03-19 18:06:47 +01:00
76abf8da36 resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit 2018-02-12 15:37:12 +01:00
51f589923d Fix SOC-28, add test if file exists, if not issue error 2018-02-09 13:49:38 +01:00
b1f85d3f99 Add sudo management in main and utils
* perform readonly checks as a regular user
* sudo -n is used for checks requiring root privileges
* increase accountability by providing log of individual access to sensitive files
2017-11-09 15:45:42 +01:00
6977eb5064 Merge pull request #31 in IAAS/cis-hardening from dev/cherlin/update-cis-scripts to master
* commit 'f97fbb47f701fd81a6dcdabb1d2e961943386eb5':
  Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
2017-12-05 11:38:15 +01:00
02f0e30df1 Expand tabs to 4 spaces and trim trailing spaces 2017-11-17 15:13:27 +01:00
ae6fbf2d86 Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers 2017-11-10 14:48:51 +01:00
5b2404dab8 Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management 2017-10-25 14:50:39 +02:00
3b7a2b8216 Merge pull request #12 from speed47/dev/enhancements
Hardening Classification
subs enhancements as well as bug fixes
2017-09-28 13:22:59 +02:00
481485a0d7 No more wildcards in file list to be more resilient 2017-06-13 15:36:06 +02:00
676b17c54f add hardening templating and several enhancements 2017-05-18 18:40:09 +02:00
46dbe8a6bc [10.1.3] set the good value for $OPTIONS 2017-05-03 23:08:48 +02:00
3e1df0cdf9 [Debian 8] Fixed comments for debian 8 compliance 2017-03-10 17:46:39 +01:00
0c053eef56 [10.2] Fixed result parsing in case of spaces in passwd list 2017-03-10 17:26:55 +01:00
f5cb5ddf97 fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was PermitRootLogin instead of PermitEmptyPassword 2016-06-29 15:12:21 +02:00
4867538c22 fix 99.1 Apply TMOUT Variable 2016-05-02 10:45:32 +02:00
1479332870 debian dependencies fix, rephrasing, revision bump 1.0-8. 2016-04-25 15:15:49 +02:00
6e366172f8 Fixed 6.15 netstat analysis 2016-04-22 16:59:52 +02:00
98eff3174b Merge pull request #4 from jedisct1/valuemsg
Rephrase confusing messages
2016-04-22 08:40:14 +02:00
cb3077e268 Fixed default file error handling and quickstart 2016-04-21 23:19:50 +02:00
ed410747df Rephrase confusing messages 2016-04-21 18:32:36 +02:00
08fd72786c Fixed point 9.1.8 cron rights as a chmod 600 disabled the cron.allow features (file must be world readable) 2016-04-21 18:15:22 +02:00
5048099df8 Fixed 8.2.4 check file exists before testing rights 2016-04-20 14:36:55 +02:00
3ece442743 Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
b2d3ed937e Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 09:31:01 +02:00
6019dd9078 Corrected default file path 2016-04-18 17:39:14 +02:00
e79a03095c All configuration defaults to disabled README updated 2016-04-18 13:19:46 +02:00
7eaf124fc0 99.1_timeout_tty.sh 99.2_disable_usb_devices.sh 2016-04-18 11:16:05 +02:00
628fe96666 Fixed disabled features, headers and preparing main script 2016-04-17 23:19:41 +02:00
fa98efc32b Added argument parsing and test checks 2016-04-17 23:10:47 +02:00
f829cdacf2 13.16_check_duplicate_username.sh 13.17_check_duplicate_groupname.sh 13.18_find_user_netrc_files.sh 13.19_find_user_forward_files.sh 13.20_shadow_group_empty.sh 2016-04-17 22:30:20 +02:00
dbeca2fba3 13.14_check_duplicate_uid.sh 13.15_check_duplicate_gid.sh^C 2016-04-17 19:53:47 +02:00
4894b6d402 13.12_users_valid_homedir.sh 13.11_find_passwd_group_inconsistencies.sh 13.13_check_user_homedir_ownership.sh 2016-04-17 18:58:25 +02:00
39e9c794e4 13.10_find_user_rhosts_files.sh 2016-04-16 18:55:44 +02:00
77f01d2709 13.8_check_user_dot_file_perm.sh 13.9_set_perm_on_user_netrc.sh 2016-04-16 18:32:09 +02:00
db91df2296 13.7_check_user_dir_perm.sh 2016-04-16 18:11:53 +02:00
fb9bf542a1 13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh 2016-04-16 17:25:48 +02:00
8c94214120 13.1_remove_empry_password_field.sh 2016-04-16 15:10:14 +02:00
c193bd49f5 12.11_find_sgid_files.sh 2016-04-16 12:57:24 +02:00
ac2b994306 12.10_find_suid_files.sh 12.1_etc_passwd_permissions.sh 12.2_etc_shadow_permissions.sh 12.3_etc_group_permissions.sh 12.4_etc_passwd_ownership.sh 12.5_etc_shadow_ownership.sh 12.6_etc_group_ownership.sh 12.7_find_world_writable_file.sh 12.8_find_unowned_files.sh 12.9_find_ungrouped_files.sh 2016-04-16 00:26:19 +02:00
82a7b05a05 10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh 2016-04-15 23:38:48 +02:00
6c72eb0a8b 10.1.1_set_password_exp_days.sh 10.1.2_set_password_min_days_change.sh 10.1.3_set_password_exp_warning_days.sh 10.2_disable_system_accounts.sh 10.3_default_root_group.sh 10.4_default_umask.sh 9.4_secure_tty.sh 9.5_restrict_su.sh 2016-04-15 19:29:26 +02:00
823cd217a0 9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh 2016-04-15 14:24:45 +02:00
0407ebe362 9.1.3_cron_hourly_perm_ownership.sh 9.1.4_cron_daily_perm_ownership.sh 9.1.5_cron_weekly_perm_ownership.sh 9.1.6_cron_monthly_perm_ownership.sh 9.1.7_cron_d_perm_ownership.sh 9.1.8_cron_users.sh 2016-04-15 10:18:23 +02:00
95d4936fbc 9.1.1_enable_cron.sh 9.1.2_crontab_perm_ownership.sh 2016-04-14 23:26:37 +02:00
1a0be2e5b0 8.4_configure_logrotate.sh 2016-04-14 23:11:09 +02:00
a93c6174e3 8.4_conifgure_logrotate.sh 2016-04-14 23:08:52 +02:00
909dde9f18 8.3.2_tripwire_cron.sh 2016-04-14 23:05:58 +02:00